How do I? - Page 34 - Burp Suite User Forum

How to generate custom Vulnerable Scanning Report?

Academy Lab: "Finding and exploiting an unsused API endpoint" | the sugested solution throws "error: 500"

Hi. I am not sure whether I am just doing something wrong or if the solution for the lab has not been updated. Firstly, I tried to solve the lab on my own, but after countless "internal server error" responses I tried to...

Reset lab "Web shell upload via Content-Type restriction bypass"

I need the lab "Web shell upload via Content-Type restriction bypass" to be reset. The /home/carlos/secret file was deleted and no longer available to get the solution from.

automatically scan a Vue application

I can scan a vb.net application. The deep scan ran for 15 hours We also have vue applications. The deep scan only ran for about 15 minutes. Has anyone had luck running the Professional version deep scan on a vue...

Purchase multiple exam vouchers for engineers on my team

Hi all. Using my credit card I want to purchase three BSCP exam vouchers for three engineers on my team. Is this possible to do this in one transaction? If NO, assuming I have to go through this process three times? =>...

Error Unknown Host

Issue: Always getting Error Unknown Host regardless of website visited in Burp Browser. Trying to load lab Detail: I am attempting to connect as I did the day prior, on the same connection. Again, this has worked...

Problem with 2FA bypass using a brute-force attack lab

So I've done this three times so far, using Burp Suite Pro (2024.1.1.4), and I'm having no luck. I'll avoid spoilers, but the short answer is that all the responses I get are HTTP 200, no 302 in sight. I've gone though the...

HTTP History appear parameter:?category=

Hi, On this page, the video explains testing for SQL injection. When scanning, there is one SQL injection vuln with only path /filter. But when accessing HTTP History, appear parameter:?category= Can you explain...

Bcheck script for SSL weak cipher suites vulnerability

Is it possible to write BChecks script to detect SSL weak cipher suites used in web server. https://github.com/projectdiscovery/nuclei-templates/blob/main/ssl/weak-cipher-suites.yaml Need help to convert the above...

Montoya API: Update HttpHeader in Repeater Tab

Is it possible to change a HttpHeader on the HttpRequestResponse selected via a ContextMenuEvent in a Reapeater tab?

having Difficulties in solving lab

i am trying to solve this lab Lab: Developing a custom gadget chain for Java deserialization . When i am trying to serialise java cookie i am using your githup main.java in repl.it but i am getting an...

Burp scanner missed to exploit a blind SQL injection

Greetings. I was recently working on a blind SQL vulnerability (oracle database). There was 3 vulnerable parameters on the same request. However burp scanner could not always identify the vulnerability and when that happens...

Burp Enterprise Controlling False Positive Action to particular User

Is there a way to restrict false positive action to particular user or group may be using Role.? or if there is another way by which i can restrict False positive marking of issue for user(s) let me know. I tried...

BSCP EXAM

Hello how much time do i have to do the exam , so the voucher expires or it does not expire?

Unknow Host Problem

1)- Go to your firefox settings, and then open Network Settings. 2)- Go to Connection Settings, and then Activate(Use System Proxy Settings), Not manual. 3)- It worked for me, I hope it works for you too.

How do I perform API scanning?

I have a Backend REST API application that I want to scan. I am following the steps in https://portswigger.net/burp/documentation/desktop/automated-scanning/api-scans. It says "To run an API scan, click New scan > API scan...

Activation failed

Hi, I'm getting 'no more activations allowed' error message. Could you please help me reset the activation? Thanks!

I am unable to create a password for my account

Hi team, I am unable to create a password for my account as it always need to retrieve the temporary password from the forget requests. As couldn't access the labs as i need password to login in the burp browser to complete...

i need help with burp suite's in browser

I'm doing the Portswigger web academy and am trying to use burp suite's in browser. when i open the browser it's just a basic page. if i try to access the web academy labs in the browser, it asks me to log in to portswigger...

Rest my labs & material progress

Dear portswigger, Kindly you help resetting my labs & material progress Best regards